CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected...
PT-2022-26123 · Arches · Arches
Name of the Vulnerable Software and Affected Versions: Arches versions prior to 6.1.2 Arches versions prior to 6.2.1 Arches versions prior to 7.1.2 Description: The issue allows an attacker to execute unwanted SQL statements against the database with a carefully crafted web request. Users are...
Lansweeper SQL Injection (CVE-2022-21234)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SQL Injection
github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System
Summary: PostgreSQL could allow a remote attacker to gain unauthorized access to the system, which may affect IBM Elastic Storage System. Vulnerability Details: CVEID: CVE-2022-1552 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by an issue with not...
My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The plugin is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack. PoC...
A vulnerability in the MTA email message checking module and the file checksum search module of the FortiSandbox threat detection and removal system allows an attacker to execute arbitrary SQL code.
The vulnerability in the MTA email message checking module and the file checksum search module of the FortiSandbox threat detection and removal system stems from a lack of measures to protect the structure of SQL queries. Exploiting this vulnerability allows a malicious actor to execute...
SQL injection
The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...
CVE-2022-41133 Delta Electronics DIAEnergie
The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in GetDIAElinemessagesettingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...
CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...
CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...
PT-2022-21932 · Unknown · Wp All Export Pro
Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows users with permission to run exports to execute arbitrary SQL statements due to the direct use of the ccsql POST parameter as a database query. This affects users who ha...
CVE-2022-39056 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database...
SQL Injection
modsecurity-crs:sid is vulnerable to SQL injection. An authenticated attacker is able to inject and execute arbitrary SQL commands in the database through comment characters and variable assignments in the SQL syntax...
WP ALL Export Pro < 1.7.9 - Authenticated SQLi
The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...
Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection
Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker could obtain sensitive information, modify data, and/or execute unauthorized...
Important: postgresql
Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
CVE-2022-36258
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt"...
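Most of the entries above (the "searchTxt" parameter in CustomerDAO.java, the email parameter in the Hotel and Lodge Management System, the comment-character and tautology payloads in the modsecurity-crs entry) describe the same root cause: untrusted input spliced into SQL text. The following is an added example, not code from any of the listed projects or advisories. It uses Python with an in-memory SQLite database and a constructed customers table so it runs offline; the table, column names and payloads are assumptions for illustration. It shows the vulnerable string-concatenation pattern beside the parameterised form and lets you observe that the same tautology, comment and UNION payloads which rewrite the vulnerable statement are treated as literal values by the safe one.

```python
import sqlite3

# Constructed sample data for the demonstration (not taken from any advisory).
SAMPLE_CUSTOMERS = [
    (1, "alice", "alice@example.com", "premium"),
    (2, "bob", "bob@example.com", "standard"),
    (3, "carol", "carol@example.com", "standard"),
]

# Payloads of the kinds the advisories above describe: a quote-breaking
# tautology, a trailing SQL comment that discards the rest of the statement,
# and a UNION that pulls a column the query was never meant to expose.
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
PAYLOAD_COMMENT = "x' OR 1=1 -- "
PAYLOAD_UNION = "' UNION SELECT id, tier, email FROM customers -- "


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, tier TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def search_vulnerable(conn, search_txt):
    """The anti-pattern: user input becomes part of the SQL text.

    Quotes, comment markers and keywords in search_txt change the statement's
    structure, so the attacker chooses what the database executes.
    """
    sql = "SELECT id, name, email FROM customers WHERE name = '" + search_txt + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, search_txt):
    """The fix: a fixed statement with a placeholder, the value sent separately.

    The driver hands search_txt to SQLite as a bound parameter, so it is only
    ever compared against the name column and can never alter the query.
    """
    sql = "SELECT id, name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (search_txt,)).fetchall()


def demo():
    """Run both variants against every payload and return the results for inspection."""
    conn = make_db()
    results = {
        "legit_vulnerable": search_vulnerable(conn, "alice"),
        "legit_safe": search_safe(conn, "alice"),
    }
    for label, payload in (
        ("tautology", PAYLOAD_TAUTOLOGY),
        ("comment", PAYLOAD_COMMENT),
        ("union", PAYLOAD_UNION),
    ):
        results[label + "_vulnerable"] = search_vulnerable(conn, payload)
        results[label + "_safe"] = search_safe(conn, payload)
    conn.close()
    return results


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key:22s} -> {len(rows)} row(s): {rows}")
```

With the vulnerable function every payload returns all three customers (the UNION variant additionally surfaces the tier column in the name position), while the parameterised function returns no rows for any payload and exactly the one matching row for a legitimate name. The same fix applies to the Java, Go and PHP code bases in the listing: a prepared statement or driver placeholder for every value, and an allowlist rather than interpolation for anything that cannot be a bound parameter, such as table or column names.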